Analysis
- max time kernel: 118s
- max time network: 134s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 29-01-2022 03:34
Static task: static1

Behavioral task: behavioral1
- Sample: a9c92b29ee05c1522715c7a2f9c543740b60e36373cb47b5620b1f3d8ad96bfa.dll
- Resource: win7-en-20211208 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: a9c92b29ee05c1522715c7a2f9c543740b60e36373cb47b5620b1f3d8ad96bfa.dll
- Resource: win10-en-20211208 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: a9c92b29ee05c1522715c7a2f9c543740b60e36373cb47b5620b1f3d8ad96bfa.dll
- Size: 209KB
- MD5: 8afdfd6d035b3c616dc37894a15206b4
- SHA1: a9143b0fc38b6329d5dfbffc4aa91b5f57211da0
- SHA256: a9c92b29ee05c1522715c7a2f9c543740b60e36373cb47b5620b1f3d8ad96bfa
- SHA512: cf6b20557576e9d2d4c4e3c6119483b29432549335960ec89679a7132843c15c7b0b9bcc52494bff301b5cf9e9a6ebef21fa6d2f741e21bb6f75ef2b123721f0
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes:
    pid   pid_target  process       target process
    1480  1984        WerFault.exe  rundll32.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes:
    pid   process
    1480  WerFault.exe
    1480  WerFault.exe
    1480  WerFault.exe
    1480  WerFault.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Processes:
    pid   process
    1480  WerFault.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
    description              pid   process
    Token: SeDebugPrivilege  1480  WerFault.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                       pid   process       target process
    PID 1984 wrote to memory of 1480  1984  rundll32.exe  WerFault.exe
    PID 1984 wrote to memory of 1480  1984  rundll32.exe  WerFault.exe
    PID 1984 wrote to memory of 1480  1984  rundll32.exe  WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9c92b29ee05c1522715c7a2f9c543740b60e36373cb47b5620b1f3d8ad96bfa.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 1984 -s 84
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken